Saturday

HOW HACKERS HACK YOUR NETWORK-3

Many firewall companies want to reduce their number of tech support calls. Their business model revolves around having tech support available, but in the process they're also seeking ways of reducing the number of times people call in.

This isn't necessarily a bad thing, but when their products end up with fewer features, and thus fewer benefits, that is a bad thing.

Most firewalls designed for the small business market lack features that most small businesses would benefit from. Many of them have all the technical buzzwords, like "deep packet inspection", "spyware prevention", "intrusion detection" and many others, but they don't go into the level of detail needed to be effective.


First, many firewalls that are "designed" for small businesses start with companies that have 100 - 250 users. These might be considered small businesses by the Bureau of Labor Statistics, but for technology purposes companies of this size have their own IT staff.


Not just one IT person, but an IT staff, which means that someone is probably responsible for security. If not, they'll have someone train them in the proper setup, installation and monitoring of security appliances.

The businesses we consider small have anywhere from 3 - 50 PCs. The companies at the higher end of this scale might have someone dedicated to handling IT issues. But this person is usually so inundated with PC support issues that they have little time "left over" to effectively monitor firewall logs. Toward the lower end of this scale, they usually have either an outside person or firm responsible, or they have an employee who "is pretty good with computers" and who has other responsibilities as well.

Rarely will these small businesses have someone watching the firewall logs on a consistent basis. Someone might look them over if there's an issue, but these logs rotate when filled so the valuable information might be lost before it's ever reviewed.

And that's a shame.

Without reviewing the logs you have no idea who or what is trying to get in, or what they are using to do it.

An Example Log File
Let's review some logs.

This happens to be a log from a client. The columns are labeled accordingly. This report has been cleaned up to make it easier to explain and understand.

Date        Time          Source IP        Source Port  Destination IP  Destination Port
06/18/2007  12:04:03.416  218.10.111.119   12200        55.66.777.1     6588
06/18/2007  12:16:05.192  41.248.25.147    4925         55.66.777.1     5900
06/18/2007  13:08:02.256  218.10.111.119   12200        55.66.777.1     6588
06/18/2007  13:22:10.224  58.180.199.163   4637         55.66.777.1     2967



What is this showing?

Well, the first source IP (Internet) address is from Heilongjiang, a province in China. The destination is our client (mangled to protect the innocent), but the important data is the destination port. That identifies what they're looking for.
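
A small log summarizer for the report above, added here as an example (it is not part of the original post or the client's tooling): it groups the sample rows by destination port and flags any source that comes back to the same port. The function names are hypothetical, and the six-column layout is assumed to match the cleaned-up report shown.

```python
from collections import defaultdict
from datetime import datetime

# The four rows from the report above. The destination IP is the article's
# deliberately mangled value, so addresses are handled as plain strings.
SAMPLE_LOG = """\
06/18/2007 12:04:03.416 218.10.111.119 12200 55.66.777.1 6588
06/18/2007 12:16:05.192 41.248.25.147 4925 55.66.777.1 5900
06/18/2007 13:08:02.256 218.10.111.119 12200 55.66.777.1 6588
06/18/2007 13:22:10.224 58.180.199.163 4637 55.66.777.1 2967
"""

def parse_line(line):
    """Split one row into a dict; return None for blank or malformed rows."""
    parts = line.split()
    if len(parts) != 6:
        return None
    date, time, src_ip, src_port, dst_ip, dst_port = parts
    try:
        when = datetime.strptime(f"{date} {time}", "%m/%d/%Y %H:%M:%S.%f")
        return {"when": when, "src_ip": src_ip, "src_port": int(src_port),
                "dst_ip": dst_ip, "dst_port": int(dst_port)}
    except ValueError:
        return None

def summarize(text):
    """Group hits by destination port, then by source IP, oldest first."""
    by_port = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            by_port[rec["dst_port"]][rec["src_ip"]].append(rec["when"])
    return {port: {ip: sorted(ts) for ip, ts in srcs.items()}
            for port, srcs in by_port.items()}

def repeat_probes(summary, min_hits=2):
    """Sources that returned to the same port: (port, ip, hits, time span)."""
    out = []
    for port, srcs in summary.items():
        for ip, ts in srcs.items():
            if len(ts) >= min_hits:
                out.append((port, ip, len(ts), ts[-1] - ts[0]))
    return sorted(out)

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for port in sorted(summary):
        print(f"port {port}: {sorted(summary[port])}")
    for port, ip, hits, span in repeat_probes(summary):
        print(f"repeat: {ip} -> port {port}, {hits} hits over {span}")
```

Running a summary like this on a schedule and saving the result keeps the per-port picture even after the firewall rotates its logs.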
